regutility_v4_1_serial_number_downloader.exe

The application regutility_v4_1_serial_number_downloader.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. It is a setup program used to install the application. It uses the ExpressFiles installer to bundle additional adware offers such as toolbars and web browser add-ons. The file has been seen being downloaded from t.go-for-files.com.
MD5:
57b8ddc87ce8034876122fd68e562e9c

SHA-1:
7c98cc2674321834c0fbad61b1c0a81de4bc05e6

SHA-256:
39075cf46e529f0d8bcf712b689ac7119dc9c458f867a62022bb874c6aa777da

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 2:47:08 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.ExpressFiles | 2013.12.17
Avira AntiVirus | Adware/ExpressFiles.A | 7.11.110.156
avast! | Win32:PUP-gen [PUP] | 2014.9-140501
AVG | Skodna.Generic_r | 2015.0.3488
Baidu Antivirus | Trojan.Win32.YourFileDownloader | 4.0.3.1451
Bkav FE | W32.Clod57e.Trojan | 1.3.0.4923
Dr.Web | Adware.Downware.825 | 9.0.1.0121
Emsisoft Anti-Malware | Trojan.Generic.10243911 | 8.14.05.01.12
ESET NOD32 | Win32/ExpressDownloader (variant) | 8.9698
Fortinet FortiGate | Adware/YourFileDownloader | 5/1/2014
IKARUS anti.virus | AdWare.ExpressFiles | t3scan.2.2.29
K7 AntiVirus | Unwanted-Program | 13.174.10509
Malwarebytes | PUP.Optional.GoForFiles.A | v2014.05.01.12
McAfee | Artemis!6A4B4457BD04 | 5600.7144
Qihoo 360 Security | Malware.QVM10.Gen | 1.0.0.1015
Rising Antivirus | PE:PUF.GoForFiles!1.9F70 | 23.00.65.14429
Sophos | Go For Files | 4.91
Trend Micro House Call | TROJ_GEN.F47V0808 | 7.2.121
Trend Micro | TROJ_SPNR.08BK13 | 10.465.01
VIPRE Antivirus | ExpressFiles Installer | 20612

File size:
1.1 MB (1,162,926 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\regutility_v4_1_serial_number_downloader.exe

File PE Metadata
Compilation timestamp:
4/16/2014 11:07:39 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:efktKPJqwPyFWRIbTSwHBwO32nj4fb/zE98GAFFwAy29JNQJGWPN3:eMYqwPeWkTSwHuO3Swb7q8GeFw29DQg0

Entry address:
0x33946

Entry point:
E8, CE, CD, 00, 00, E9, 89, FE, FF, FF, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, E4, 7B, 46, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, E0, 5C, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, C0, 3A, 43, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8, FF, 24, 85, D4, 39...

Entropy:
7.7282 (probably packed)

Code size:
312.5 KB (320,000 bytes)

The file regutility_v4_1_serial_number_downloader.exe has been seen being distributed by the following URL.
